From 0ca1368dcc3fa368320ae199cd0e1dd14fb711fa Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 14 Oct 2022 13:56:35 +0200
Subject: [PATCH] sources/saml: improve error handling for missing assertion and missing subject
closes #3784
Signed-off-by: Jens Langhammer
---
 authentik/sources/saml/processors/response.py | 6 +++++-
 authentik/sources/saml/views.py | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/authentik/sources/saml/processors/response.py b/authentik/sources/saml/processors/response.py
index 788acb4cd..fe0afb688 100644
--- a/authentik/sources/saml/processors/response.py
+++ b/authentik/sources/saml/processors/response.py
@@ -163,10 +163,14 @@ class ResponseProcessor:
 def _get_name_id(self) -> "Element":
 """Get NameID Element"""
 assertion = self._root.find("{urn:oasis:names:tc:SAML:2.0:assertion}Assertion")
+ if not assertion:
+ raise ValueError("Assertion element not found")
 subject = assertion.find("{urn:oasis:names:tc:SAML:2.0:assertion}Subject")
+ if not subject:
+ raise ValueError("Subject element not found")
 name_id = subject.find("{urn:oasis:names:tc:SAML:2.0:assertion}NameID")
 if name_id is None:
- raise ValueError("NameID Element not found!")
+ raise ValueError("NameID element not found")
 return name_id
 def _get_name_id_filter(self) -> dict[str, str]:
diff --git a/authentik/sources/saml/views.py b/authentik/sources/saml/views.py
index f49fe1294..0db4630b6 100644
--- a/authentik/sources/saml/views.py
+++ b/authentik/sources/saml/views.py
@@ -163,7 +163,7 @@ class ACSView(View):
 try:
 return processor.prepare_flow(request)
- except UnsupportedNameIDFormat as exc:
+ except (UnsupportedNameIDFormat, ValueError) as exc:
 return bad_request_message(request, str(exc))
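Review bot: The two added guards in `_get_name_id`, `if not assertion:` and `if not subject:`, test element truthiness rather than absence, unlike the `if name_id is None:` check a few lines below them. For ElementTree-style elements (the parser behind `self._root` is not visible in this hunk, so this is inferred) truthiness reflects whether the element has children, so an `<Assertion>` or `<Subject>` that is present but empty is reported as "not found", and lxml emits a FutureWarning for this kind of truth test. Writing them as `if assertion is None:` and `if subject is None:` makes the condition match the error message and keeps the three checks consistent.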
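Review bot: Adding bare `ValueError` to the `except` around `processor.prepare_flow(request)` catches every ValueError raised anywhere under that call, not only the three raised by `_get_name_id`, and `str(exc)` is then sent back to the requester through `bad_request_message`. An unrelated parsing or conversion bug would be turned into a 400 and its internal message echoed to the client. A dedicated exception class raised from `_get_name_id` would keep the handler narrow, for example `except (UnsupportedNameIDFormat, InvalidSAMLResponse) as exc:`, where `InvalidSAMLResponse` is an illustrative name for a class that would have to be added. Logging the rejection in this branch would also leave a record of malformed responses reaching the ACS endpoint. The enclosing method starts above the hunk, so whether it already logs is not visible here.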